HSMs are used by some of the biggest organisations around. However, cloud solutions have provided a much larger number of organisations with the ability to swiftly deploy enterprise cryptography in a cost-effective manner, shares Ruchin Kumar, Vice President – South Asia, Futurex, in an exclusive interaction with Srajan Agarwal of Elets News Network (ENN).
Which sectors have taken lead in the adoption of General Purpose and Cloud Payment HSMs? Where do you see maximum growth in demand for your cloud payment and general-purpose HSMs to come from in 2023?
Where there’s a need to protect sensitive data, there’s a need for HSMs. Some of the biggest industries that come to mind are payments, retail, government and defense, and healthcare. Where payment data is involved, you’ll find the need for payment HSMs, either on-premises or in the cloud. Where personal identifiable information (PII) is dealt with, you’ll see more demand for general-purpose HSMs. Of course, general-purpose HSMs do more than encrypt PII. They can be used to encrypt databases, files, and applications, and can generate and manage encryption keys, forming the basis for public key infrastructure (PKI), certificate authority (CA), Blockchain products and IOT. General Purpose HSMs also plays a great role in securing the root key of trust used in digital signing of messages/files/transactions to ensure integrity and non-repudiation.
More and more companies are migrating critical infrastructure to the cloud. They benefit from the OpEx (versus CapEx) financial model and on-demand scalability. However, there is an increasing need for cloud cryptography platforms with a truly global reach that complies with data localisation requirements. Our global cloud offering is one way we really stand out from other cryptography providers, and has been a source of growing demand among our customer base.
What are the primary obstacles and opportunities for HSM adoption in India? How do you intend to capitalise on opportunities and effectively resolve challenges?
HSMs are used by some of the biggest organisations around. However, cloud solutions have provided a much larger number of organisations with the ability to swiftly deploy enterprise cryptography in a cost-effective manner. Futurex’s local Indian data centers deliver low latency and high availability to our customers and partners in the region. The Futurex cloud makes it so that organisations don’t have to worry about data localisation regulations, either.
Which industries, in your opinion, have taken the lead in embracing Cloud Payment HSMs? And how does your company make HSMs inexpensive to fintechs and small payment organisations?
India is home to a large number of fintechs, with more emerging all the time. We’ve noticed that our cloud solutions lower the barrier to entry among organisations like these. The VirtuCrypt cloud offers a pay-as-you-go OpEx model instead of the upfront expense of a CapEx model. Organisations have the freedom to begin deploying infrastructure in the cloud and scale up or down according to need. Above all, Futurex HSM expert team helps in typical integration and management issues.
What recommendations do you have for CIOs/CTOs/CISOs of fintech companies/payment organisations aiming to instil customer trust in digital transactions?
More encryption is always better, and strong encryption is best. Hardware-based encryption—whether deployed on-premises or in the cloud—is the best way of achieving both of these goals at once. Hardware-based encryption is where cryptographic processes are performed inside of a temper resistant FIPS certified physically secure boundary; likewise, cryptographic keys are stored in dedicated hardware components that are physically secure.
Using hardware-based encryption solutions validated under international standards like PCI HSM is a great way to maintain trust in your organisation’s security. PCI validation entails strict compliance and serves as a badge of trust among customers and partners.
At the end of the day, business depends on trust, and trust depends on encryption security of encryption keys responsible for doing encryption. That’s why it’s important to find an encryption and key management provider that is likewise trusted across the industry.
With cybercrime on the rise, what role do you see for tokenisation and application encryption technology in beefing up cyber security?
Tokenisation is where data—such as payment card information—is substituted with randomised strings or “tokens” and stored in encrypted form. This makes it so that attackers can’t retrieve the clear-text data. However, tokenisation can entail the use of storage systems called “token vaults,” where tokens are held. Token vaults can entail their own attack vectors, which is why Futurex uses “vaultless tokenisation” to further secure the tokenisation process. Deploying a vaultless tokenisation solution helps protect payment data with fewer points of attack and better security.
Application encryption is crucial for most organisations. Most organisations deal with multiple applications, each of which may use thousands of encryption keys. To avoid cryptographic sprawl and the resulting vulnerabilities, organisations are well-advised to consider deploying a robust key management solution. Using good key management helps define and automate how your encryption keys are created, distributed, stored, rotated, and destroyed. Not only does it reduce manual effort, it tightens security and opens the door to new cryptographic possibilities within your organisation.
Elets The Banking and Finance Post Magazine has carved out a niche for itself in the crowded market with exclusive & unique content. Get in-depth insights on trend-setting innovations & transformation in the BFSI sector. Best offers for Print + Digital issues! Subscribe here➔ www.eletsonline.com/subscription/
